Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support CORS use cases without the need to proxy requests #10084

Open
day0ops opened this issue Sep 23, 2024 · 0 comments
Open

Support CORS use cases without the need to proxy requests #10084

day0ops opened this issue Sep 23, 2024 · 0 comments
Labels
Area: Gloo Gateway Issues related to the Gloo Gateway project Type: Enhancement New feature or request

Comments

@day0ops
Copy link
Contributor

day0ops commented Sep 23, 2024
edited
Loading

Gloo Edge Product

Enterprise

Gloo Edge Version

1.17

Is your feature request related to a problem? Please describe.

Background:
Right now CORS can only be applied to direct responses and proxied requests (in other words has a valid backend service to send the request to).

Natively Envoy ignores CORS filter when combined with direct responses due to the nature of the filter ordering.

In Gloo Gateway, we have worked around the lack of support by sending the CORS headers whenever a direct response is applied as the destination. This however, by passes the CORS filter in Envoy hence it has limitations. Refer to the implementation here for further details. This implementation works as long as the origin domain is single but when multiple domains are provided this would lead to,

The 'Access-Control-Allow-Origin' header contains multiple values .... , but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

An example VS of this includes,

       options:
          cors:
            allowOrigin:
              - https://apps.demo.example.com
              - https://apps-test.example.com

The main user requirement is to be able to send static responses with CORS.

Describe the solution you'd like

Regardless of the request type (simple or pre-flight) we need to automatically determine the origin of the request and the CORS headers appropriately.

Describe alternatives you've considered

Similar to direct responses we can wire up a blackhole cluster (not a true destination) to apply the filter chain. GraphQL implementation attempted to solve this with a blackhole cluster in a similar way.

Additional Context

No response
@day0ops day0ops added Type: Enhancement New feature or request Area: Gloo Gateway Issues related to the Gloo Gateway project labels Sep 23, 2024
@day0ops day0ops changed the title Support CORS use cases without proxying requests Support CORS use cases without the need to proxy requests Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Gloo Gateway Issues related to the Gloo Gateway project Type: Enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@day0ops